The Kromtech Security Center has discovered a massive amount of customer files leaked online and publically available. Researchers were able to access the data and details of 31,293,959 users. MongoDB database appears to belong to Ai.Type a Tel Aviv-based startup that designs and develops a personalized keyboard for mobile phones and tablets for both Android and iOS devices. Ai.Type was founded in 2010 and According to their site, their flagship product for Android was downloaded about 40 million times from the Google Play.

Client files that included the personal details of 31,293,959 users who installed ai.type virtual keyboard. This is highly sensitive and identifiable information such as:

Phone number, full name of the owner, device name and model, mobile network name, SMS number, screen resolution, user languages enabled, Android version, IMSI number (international mobile subscriber identity used for interconnection), IMEI number (a unique number given to every single mobile phone), emails associated with the phone, country of residence, links and the information associated with the social media profiles (birthdate, title, emails etc.) and photo (links to Google+, Facebook etc.), IP (if available), location details (long/lat).

6,435,813 records that contained data collected from users’ contact books, including names (as entered originally) and phone numbers, in total more than 373 million records scraped from registered users’ phones, which include all their contacts saved/synced on linked Google account.

https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records